Redirect SSO users to their Home Realm when they try to fill the Signup form

Feature: Redirect users to their SSO provider instead of proceeding with a database registration if they fill in the signup form instead of the login form

Description: Given you have identifier first login enabled, a database connection and an Azure SSO connection. Given the SSO connection has home realm discovery enabled for @acme.example. Given the login page is called with screen_hint=signup.

When the user enters the email address jane.doe@acme.example into the signup form and hits the submit/next button, then the user should be redirected to their home realm SSO provider.

Current behavior instead is to let them finish their DB signup for an account that - due to home realm discovery being enabled - they will never be able to log in to again. Home realm discovery will later always redirect them to their SSO provider before they are even able to enter the password for their now created database account.

Use-case: We are a B2B SaaS Company. We have identifier first login and home realm discovery enabled. Some of our users sign up directly with our database connection (username/password), some are behind customer SSO connections (mostly Azure AD).

The fact that a user might be an SSO user is opaque to our app. This fact is - for first-time users - only known to Auth0. So, when a new user of an SSO customer hits our app for the first time, we redirect them to Auth0 with screen_hint=signup. Only once they are redirected back and hopefully authenticated, we know their identity and therefore, if they are part of an SSO connection. We therefore cannot provide another screen_hint to those users.

The current behavior causes great confusion with the users of our customers, because they expect a seamless SSO and are instead confronted with a “please enter your password” field - without having a clue what to enter there.
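
The routing described in the post above, as an added example that is not part of the original post and is not Auth0 code: it models the reported signup behavior next to the requested one, and audits for database accounts that home realm discovery has already made unreachable. The connection names, field names, the `honourHrdOnSignup` switch and the sample users are all constructed assumptions.

```javascript
// Constructed tenant model: connection and field names are hypothetical.
const connections = [
  { name: "db-users", strategy: "database", hrdDomains: [] },
  { name: "acme-azure", strategy: "enterprise", hrdDomains: ["acme.example"] },
];

// Lower-cased domain after the last "@", or null if the input is not an email.
function emailDomain(email) {
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

// Enterprise connection whose home realm discovery list claims this email.
function homeRealm(email, conns) {
  const domain = emailDomain(email);
  if (!domain) return null;
  return conns.find((c) => c.strategy === "enterprise" &&
    c.hrdDomains.some((d) => d.toLowerCase() === domain)) || null;
}

// Identifier-first routing. honourHrdOnSignup=false models the behavior the
// post reports (signup ignores HRD); true models the requested behavior.
function route(email, screenHint, conns, honourHrdOnSignup) {
  const realm = homeRealm(email, conns);
  const hrdApplies = screenHint !== "signup" || honourHrdOnSignup;
  if (realm && hrdApplies) return { action: "redirect", connection: realm.name };
  return { action: screenHint === "signup" ? "db-signup" : "password",
           connection: "db-users" };
}

// Audit: database accounts whose domain is claimed by an enterprise
// connection. At login they are redirected before any password prompt.
function strandedAccounts(users, conns) {
  return users
    .filter((u) => u.connection === "db-users" && homeRealm(u.email, conns))
    .map((u) => u.email);
}

// Constructed sample users.
const users = [
  { email: "jane.doe@acme.example", connection: "db-users" },
  { email: "sam@other.example", connection: "db-users" },
  { email: "Bob@ACME.example", connection: "acme-azure" },
];

console.log(route("jane.doe@acme.example", "signup", connections, false));
console.log(route("jane.doe@acme.example", "signup", connections, true));
console.log(strandedAccounts(users, connections));
```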

Hey there!

Thank you for creating this feedback card. Let’s hope it’s gonna get more traction from other community users!